RSA 050-11-CARSANWLN01 RSA NetWitness Logs & Network Administrator Exam Practice Test

RSA NetWitness Logs & Network Administrator Exam Questions and Answers

Question 1

What is the definition of an RSA NetWitness ad hoc feed?

Options:

A. A feed that is deployed one time on one or more Decoders

B. A feed that is deployed once on three or more Decoders

C. A feed that is deployed on no more than three Decoders once

D. A feed that is deployed on one or more Decoders at least three times

Question 2

Where do you define dynamic charts for real-time display in Dashboards?

Options:

A. Default Dashboard

B. MONITOR > Reports > Manage > Charts

C. MONITOR > Reports > Charts > View

D. CONFIGURE > ESA Rules

Question 3

The RSA NetWitness Reporting Engine provides visibility into captured data via which of the following mechanisms?

Options:

A. static and/or dynamic analysis

B. alerts, reports and charts

C. community and/or sandbox analysis

D. ad hoc, schedules, and/or auto-run features

Question 4

What are the data sources available in RSA NetWitness when creating a Reporting Engine rule?

Options:

A. Short, Long, Truncated

B. IPDB, ODBC, FileReader

C. Broker, Concentrator, Decoder

D. NetWitness DB, Warehouse DB, Respond DB

Question 5

To access device information and perform device operations through RSA NetWitness, a user must be

Options:

A. assigned the role of "Operator"

B. a member of a "DeviceUser" group in Active Directory

C. a member of a role that has privileges for the device

D. assigned read/write access to the NetWitness appliance

Question 6

Which output actions are available when creating Reporting Engine alerts?

Options:

A. OSX, ODBC, Syslog

B. ODBC, SQL, Syslog, SMTP, URL, NetworkShare

C. SNMP, SMTP, Syslog, SFTP, URL, NetworkShare

D. SNMP, ODBC, Syslog, FTP

Question 7

Which RSA NetWitness component indexes metadata extracted from network or log data and makes it available for querying?

Options:

A. Broker

B. Informer

C. Spectrum

D. Concentrator

Question 8

Which of the following statements is true regarding Packet-based analysis in general?

Options:

A. Packet-based analysis is required for viewing log and session data

B. Packet-based analysis is based on metadata capture reduced to packets

C. Packet-based analysis can be accomplished with common tools such as Wireshark

D. Packet-based analysis is accomplished using the table-map xml file

Question 9

When adding a data source to the ESA device, RSA recommends using only the

Options:

A. Concentrator

B. Decoder

C. Log Collector

D. Archiver

Question 10

You can configure replication for log data by setting up a remote collector and creating

Options:

A. a Virtual Log Collector

B. a lockbox

C. host groups

D. destination groups